Tenda AX-1806 Stack Overflow Vulnerability in WiFi MAC Filter Configuration Function Allowing Denial-of-Service

Vulnerability

A stack overflow vulnerability has been identified in the Tenda AX-1806 router, version 1.0.0.1. The issue arises in the handling of the deviceList parameter by the formSetWifiMacFilterCfg function. Attackers can craft requests that overflow the stack and overwrite critical stack data, including the return address, causing a denial-of-service (DoS) condition: the device crashes and service is persistently disrupted.

Impact

Exploitation of this vulnerability crashes the router, disrupting services and leaving the device persistently unable to function correctly.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/setWifiFilterCfg endpoint. The request must include a deviceList parameter with a crafted payload that exceeds 128 bytes, such as 156 bytes or longer, followed by a MAC address. This payload overflows the stack buffer, which allows control over the return address and potential execution of arbitrary code, or causes a stable denial-of-service condition.
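A detection check for the request shape described above, as an added example that is not part of the original advisory. It takes the endpoint, parameter name and 128-byte size from this page; the function name, the form-urlencoded body layout and the sample requests are assumptions. The advisory does not say whether the firmware decodes the value before copying it, so the check measures the raw value, which is never shorter than the decoded one.

```python
from urllib.parse import unquote_plus, urlsplit

# Taken from the advisory: endpoint, parameter, and the size a payload must exceed.
ENDPOINT = "/goform/setWifiFilterCfg"
PARAM = "deviceList"
MAX_VALUE_BYTES = 128


def oversized_device_list(method: str, target: str, body: bytes) -> list[int]:
    """Return the raw byte size of every deviceList value over the limit ([] if none)."""
    if method.upper() != "POST":
        return []
    # Compare the path only, so a query string or trailing slash does not hide the endpoint.
    if urlsplit(target).path.rstrip("/") != ENDPOINT:
        return []
    hits = []
    # Assumption: the body is application/x-www-form-urlencoded (name=value&name=value).
    for field in body.split(b"&"):
        raw_name, _, raw_value = field.partition(b"=")
        # Decode the name so a percent-encoded spelling of deviceList still matches.
        name = unquote_plus(raw_name.decode("latin-1"))
        if name == PARAM and len(raw_value) > MAX_VALUE_BYTES:
            hits.append(len(raw_value))
    return hits


# Constructed sample requests (method, target, body); not captured traffic.
SAMPLES = [
    ("POST", "/goform/setWifiFilterCfg", b"deviceList=aa:bb:cc:dd:ee:ff"),
    ("POST", "/goform/setWifiFilterCfg", b"other=1&deviceList=" + b"x" * 156),
    ("POST", "/goform/setWifiFilterCfg?t=1", b"device%4cist=" + b"x" * 200),
    ("GET", "/goform/setWifiFilterCfg", b""),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        sizes = oversized_device_list(method, target, body)
        verdict = f"ALERT {PARAM} sizes {sizes}" if sizes else "ok"
        print(f"{method} {target}: {verdict}")
```

The same length comparison can be used as a blocking rule on a reverse proxy or WAF placed in front of the management interface.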

Added: Jan 21, 2026, 4:21 PM
Updated: Jan 21, 2026, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.